<?php
	require '../db_config.php';
	include_once 'isUserLogged.php';

	$result = '';
	$oldPass = $_POST['old_pass'];
	$newPass = $_POST['new_pass'];
	$repeatedNewPass = $_POST['repeated_new_pass'];
	
	mysql_connect(__DB_HOST__, __DB_USER__, __DB_PASSWORD__) or die(mysql_error());
	mysql_query('use ' . __DB_DATABASE__ . ';') or die('Invalid query: ' . mysql_error());
	$result = mysql_query('SELECT en FROM site_fields WHERE description=\'admin\';') or die('Invalid query: ' . mysql_error());
	$arr = mysql_fetch_array($result);
	$password = $arr['en'];

	if (sha1($oldPass) == $password && $newPass == $repeatedNewPass) {
		$result = 'Password changed successfully';
		mysql_query('UPDATE site_fields SET en=\'' . sha1($newPass) . '\', fr=\'' . sha1($newPass) . '\' WHERE description=\'admin\';   ') or die('Invalid query: ' . mysql_error());
		$result = $result."</br>"."<input type=\"button\" value=\"Admin panel\" onClick=\"location.href='index.php'\"/>";
	} else {
		$result = 'Password change failed';
		$result = $result."</br>"."<input type=\"button\" value=\"try again\" onClick=\"location.href='changePassword.php'\"/>";
	}

	echo $result;
?>
